CVE-2007-2120Oracle Application Server vulnerability

CWE-3993 documents3 sources
Severity
7.8HIGHNVD
EPSS
3.8%
top 11.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Application Server
Timeline
PublishedApr 18
Latest updateMay 1

Description

The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDoracle/application_server10.1.2.0.2, 10.1.2.2, 9.0.4.3+2

🔴Vulnerability Details

2
GHSA
GHSA-3jg7-3wmf-rr5h: The Oracle Discoverer servlet in Oracle Application Server 92022-05-01
CVEList
CVE-2007-2120: The Oracle Discoverer servlet in Oracle Application Server 92007-04-18
CVE-2007-2120 — Oracle Application Server vulnerability | cvebase